Skip to main content
CVE-2023-31556 MEDIUM POC This Month

podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Podofo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-31555 MEDIUM POC This Month

podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podofo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27562 MEDIUM POC PATCH This Month

The n8n package 0.218.0 for Node.js allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal N8n
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2023-30777 MEDIUM POC THREAT This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Advanced Custom Fields
NVD
CVSS 3.1
6.1
EPSS
38.8%
CVE-2023-2615 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2614 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2616 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26126 MEDIUM POC This Month

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal M Static
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-2630 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-25545 MEDIUM PATCH This Month

Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-31150 MEDIUM This Month

A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32573 MEDIUM PATCH This Month

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-25070 MEDIUM This Month

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24586 MEDIUM This Month

Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23901 MEDIUM This Month

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Basic Mb A130 Firmware Skybridge Mb A200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22361 MEDIUM This Month

Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
35.9%
CVE-2023-32070 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rendering Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29101 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Betheme
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27455 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Update Image Tag Alt Attribute
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27419 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Viable Blog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24392 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Full Width Banner Slider Wp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27918 MEDIUM This Month

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Amelia
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-47436 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.1.14. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yatra
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-32570 MEDIUM PATCH This Month

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Dav1D Fedora
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-32076 MEDIUM PATCH This Month

in-toto is a framework to protect supply chain integrity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure In Toto
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28411 MEDIUM PATCH This Month

Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25772 MEDIUM This Month

Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Intel Retail Edge Program
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25771 MEDIUM PATCH This Month

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Authentication Bypass Nuc 8 Compute Element Cm8I3Cb4N Firmware Nuc 8 Compute Element Cm8I5Cb8N Firmware +57
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-25179 MEDIUM This Month

Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Intel Unite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25175 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23909 MEDIUM This Month

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Oneapi Hpc Toolkit Trace Analyzer And Collector
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22443 MEDIUM PATCH This Month

Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22379 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31165 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31164 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31163 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31160 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31159 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31158 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31157 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31156 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31155 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31154 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31153 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23873 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bbspoiler
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22696 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Affiliate Links Lite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23786 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Affiliate Toolkit
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23701 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Web Design Easy Sign Up
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22711 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Impress Listings
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27888 MEDIUM This Month

Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joruri Gw
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy